I saw a post by SilentRage about this on the other thread, where we were talking about ways to exploit Win2k.
I hope to god people don't start calling this way of exploiting Windows "shatter attacks".
This is not "new" as Chris states in his paper.
I'm not being critical of the paper; it was interesting to read.
But Chris makes out that he has discovered this, and that no one else knows about it, or they do and haven't mentioned or discussed it yet.
It's like he is now claiming credit for the design flaw... and remember folks, that's what it is essentially, a design flaw, by Microsoft.
You only have to look at old bugtraq posts to know that people have been aware of this problem for a long time.
Back in March/April this year, I was myself playing with Window messaging APIs.
Manipulating window procedures, how they looked, enabling disabled parts of the window for more functionality, etc.
I admit I didn't think at the time of using an EDIT control box to store shellcode and then executing it using the WM_TIMER message.
But I did use the WM_TIMER message to execute procedures already inside the program that I didn't have access to through normal control.
The main reason no one has mentioned these little things in such a long time is because it's not "new".
Papers described exploiting Windows in this way as far back as 1996.
I read a paper on Razzia's site.
Benny/29a also talked about how you could terminate applications easily in relation to virus scanners.
I think the title and comments in Chris's paper are conceited.
You could exploit many service applications out there for NT using Window APIs... just about every single one of them.
But why report about something like that?
If his paper had discussed exploiting registered windows in ALL Win2k operating systems, and not just application-specific ones, then it would be critical indeed, and something would surely have to be done.
This is not the case.
So, I'm just saying that although it is interesting, it's not "new", it's a little misleading, but no doubt we'll see an upsurge in exploits for NT now that people's minds have been refreshed on the issue.
I just hope they aren't called "shatter attacks".
It is a good article, I just don't think these types of attacks should be labeled "shatter" or be considered "new".